apache · mneethiraj · Jan 7, 2025 · Jan 3, 2025 · Jan 3, 2025 · Jan 3, 2025
diff --git a/dev-support/checkstyle-suppressions.xml b/dev-support/checkstyle-suppressions.xml
@@ -36,4 +36,53 @@
   <suppress files="SortField.java" checks="TypeName"/>
   <suppress files="SPOOL_FILE_STATUS.java" checks="TypeName"/>
   <suppress files="TimedEventUtil.java" checks="HideUtilityClassConstructor"/>
+  <suppress files="PatchAssignSecurityZonePersmissionToAdmin_J10026.java" checks="TypeName"/>
+  <suppress files="PatchAtlasForClassificationResource_J10047" checks="TypeName"/>
+  <suppress files="PatchForAllServiceDefForPolicyConditionUpdate_J10060" checks="TypeName"/>
+  <suppress files="PatchForAllServiceDefUpdateForDefaultAuditFilters_J10049" checks="TypeName"/>
+  <suppress files="PatchForAllServiceDefUpdateForResourceSpecificAccesses_J10012" checks="TypeName"/>
+  <suppress files="PatchForAtlasAdminAudits_J10043" checks="TypeName"/>
+  <suppress files="PatchForAtlasResourceAndAccessTypeUpdate_J10016" checks="TypeName"/>
+  <suppress files="PatchForAtlasServiceDefUpdate_J10013" checks="TypeName"/>
+  <suppress files="PatchForAtlasToAddEntityLabelAndBusinessMetadata_J10034" checks="TypeName"/>
+  <suppress files="PatchForAtlasToAddTypeRead_J10040" checks="TypeName"/>
+  <suppress files="PatchForDefaultAuidtFilters_J10050" checks="TypeName"/>
+  <suppress files="PatchForExternalUserStatusUpdate_J10056" checks="TypeName"/>
+  <suppress files="PatchForHBaseDefaultPolicyUpdate_J10045" checks="TypeName"/>
+  <suppress files="PatchForHBaseServiceDefUpdate_J10035" checks="TypeName"/>
+  <suppress files="PatchForHiveServiceDefUpdate_J10006" checks="TypeName"/>
+  <suppress files="PatchForHiveServiceDefUpdate_J10007" checks="TypeName"/>
+  <suppress files="PatchForHiveServiceDefUpdate_J10009" checks="TypeName"/>
+  <suppress files="PatchForHiveServiceDefUpdate_J10010" checks="TypeName"/>
+  <suppress files="PatchForHiveServiceDefUpdate_J10017" checks="TypeName"/>
+  <suppress files="PatchForHiveServiceDefUpdate_J10027" checks="TypeName"/>
+  <suppress files="PatchForHiveServiceDefUpdate_J10030" checks="TypeName"/>
+  <suppress files="PatchForKafkaServiceDefUpdate_J10015" checks="TypeName"/>
+  <suppress files="PatchForKafkaServiceDefUpdate_J10025" checks="TypeName"/>
+  <suppress files="PatchForKafkaServiceDefUpdate_J10033" checks="TypeName"/>
+  <suppress files="PatchForMigratingOldRegimePolicyJson_J10046" checks="TypeName"/>
+  <suppress files="PatchForMigratingRangerServiceResource_J10037" checks="TypeName"/>
+  <suppress files="PatchForNifiResourceUpdateExclude_J10011" checks="TypeName"/>
+  <suppress files="PatchForOzoneDefaultPoliciesUpdate_J10044" checks="TypeName"/>
+  <suppress files="PatchForOzoneServiceDefConfigUpdate_J10051" checks="TypeName"/>
+  <suppress files="PatchForOzoneServiceDefUpdate_J10041" checks="TypeName"/>
+  <suppress files="PatchForPrestoToSupportPresto333_J10038" checks="TypeName"/>
+  <suppress files="PatchForServiceVersionInfo_J10004" checks="TypeName"/>
+  <suppress files="PatchForSolrSvcDefAndPoliciesUpdate_J10055" checks="TypeName"/>
+  <suppress files="PatchForSyncSourceUpdate_J10054" checks="TypeName"/>
+  <suppress files="PatchForTagServiceDefUpdate_J10008" checks="TypeName"/>
+  <suppress files="PatchForTagServiceDefUpdate_J10028" checks="TypeName"/>
+  <suppress files="PatchForTrinoSvcDefUpdate_J10062" checks="TypeName"/>
+  <suppress files="PatchForUpdatingAtlasSvcDefAndTagPolicies_J10063" checks="TypeName"/>
+  <suppress files="PatchForUpdatingPolicyJson_J10019" checks="TypeName"/>
+  <suppress files="PatchForUpdatingTagsJson_J10020" checks="TypeName"/>
+  <suppress files="PatchForXGlobalState_J10036" checks="TypeName"/>
+  <suppress files="PatchGrantAuditPermissionToKeyRoleUser_J10014" checks="TypeName"/>
+  <suppress files="PatchMigration_J10002" checks="TypeName"/>
+  <suppress files="PatchPasswordEncryption_J10001" checks="TypeName"/>
+  <suppress files="PatchPermissionModel_J10003" checks="TypeName"/>
+  <suppress files="PatchPreSql_057_ForUpdateToUniqueGUID_J10052" checks="TypeName"/>
+  <suppress files="PatchPreSql_058_ForUpdateToUniqueResoureceSignature_J10053" checks="TypeName"/>
+  <suppress files="PatchSetAccessTypeCategory_J10061" checks="TypeName"/>
+  <suppress files="PatchTagModulePermission_J10005" checks="TypeName"/>
 </suppressions>
diff --git a/security-admin/src/main/java/javax/ws/rs/core/NoContentException.java b/security-admin/src/main/java/javax/ws/rs/core/NoContentException.java
@@ -1,4 +1,3 @@
-
 /**
  * Licensed to the Apache Software Foundation (ASF) under one
  * or more contributor license agreements.  See the NOTICE file
@@ -7,9 +6,9 @@
  * to you under the Apache License, Version 2.0 (the
  * "License"); you may not use this file except in compliance
  * with the License.  You may obtain a copy of the License at
- *
- *     http://www.apache.org/licenses/LICENSE-2.0
- *
+ * <p>
+ * http://www.apache.org/licenses/LICENSE-2.0
+ * <p>
  * Unless required by applicable law or agreed to in writing, software
  * distributed under the License is distributed on an "AS IS" BASIS,
  * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.

diff --git a/security-admin/src/main/java/org/apache/ranger/AccessAuditsService.java b/security-admin/src/main/java/org/apache/ranger/AccessAuditsService.java
@@ -30,83 +30,60 @@
 import org.apache.ranger.plugin.store.EmbeddedServiceDefsUtil;
 import org.springframework.beans.factory.annotation.Autowired;
 
-import java.util.*;
+import java.util.ArrayList;
+import java.util.Arrays;
+import java.util.Collection;
+import java.util.List;
+import java.util.Map;
 
 public class AccessAuditsService {
-    protected List<SortField> sortFields = new ArrayList<SortField>();
-    protected List<SearchField> searchFields;
+    protected List<SortField>   sortFields   = new ArrayList<>();
+    protected List<SearchField> searchFields = new ArrayList<>();
+
     @Autowired
-    protected
-    RESTErrorUtil restErrorUtil;
+    protected RESTErrorUtil    restErrorUtil;
+
     @Autowired
-    protected
-    RangerDaoManager daoManager;
+    protected RangerDaoManager daoManager;
 
     public AccessAuditsService() {
-        searchFields = new ArrayList<SearchField>();
-        searchFields.add(new SearchField("id", "id",
-                SearchField.DATA_TYPE.STRING, SearchField.SEARCH_TYPE.FULL));
-        searchFields.add(new SearchField("accessType", "access",
-                SearchField.DATA_TYPE.STRING, SearchField.SEARCH_TYPE.FULL));
-        searchFields.add(new SearchField("aclEnforcer", "enforcer",
-                SearchField.DATA_TYPE.STRING, SearchField.SEARCH_TYPE.FULL));
-        searchFields.add(new SearchField("agentId", "agent",
-                SearchField.DATA_TYPE.STRING, SearchField.SEARCH_TYPE.FULL));
-        searchFields.add(new SearchField("repoName", "repo",
-                SearchField.DATA_TYPE.STRING, SearchField.SEARCH_TYPE.FULL));
-        searchFields.add(new SearchField("sessionId", "sess",
-                SearchField.DATA_TYPE.STRING, SearchField.SEARCH_TYPE.FULL));
-        searchFields.add(new SearchField("requestUser", "reqUser",
-                SearchField.DATA_TYPE.STR_LIST, SearchField.SEARCH_TYPE.FULL));
-        searchFields.add(new SearchField("excludeUser", "exlUser",
-                SearchField.DATA_TYPE.STR_LIST, SearchField.SEARCH_TYPE.FULL));
-        searchFields.add(new SearchField("requestData", "reqData", SearchField.DATA_TYPE.STRING,
-                SearchField.SEARCH_TYPE.PARTIAL));
-        searchFields.add(new SearchField("resourcePath", "resource", SearchField.DATA_TYPE.STRING,
-                SearchField.SEARCH_TYPE.PARTIAL));
-        searchFields.add(new SearchField("clientIP", "cliIP",
-                SearchField.DATA_TYPE.STRING, SearchField.SEARCH_TYPE.FULL));
-
-        searchFields.add(new SearchField("auditType", "logType",
-                SearchField.DATA_TYPE.INTEGER, SearchField.SEARCH_TYPE.FULL));
-        searchFields.add(new SearchField("accessResult", "result",
-                SearchField.DATA_TYPE.INTEGER, SearchField.SEARCH_TYPE.FULL));
+        searchFields.add(new SearchField("id", "id", SearchField.DATA_TYPE.STRING, SearchField.SEARCH_TYPE.FULL));
+        searchFields.add(new SearchField("accessType", "access", SearchField.DATA_TYPE.STRING, SearchField.SEARCH_TYPE.FULL));
+        searchFields.add(new SearchField("aclEnforcer", "enforcer", SearchField.DATA_TYPE.STRING, SearchField.SEARCH_TYPE.FULL));
+        searchFields.add(new SearchField("agentId", "agent", SearchField.DATA_TYPE.STRING, SearchField.SEARCH_TYPE.FULL));
+        searchFields.add(new SearchField("repoName", "repo", SearchField.DATA_TYPE.STRING, SearchField.SEARCH_TYPE.FULL));
+        searchFields.add(new SearchField("sessionId", "sess", SearchField.DATA_TYPE.STRING, SearchField.SEARCH_TYPE.FULL));
+        searchFields.add(new SearchField("requestUser", "reqUser", SearchField.DATA_TYPE.STR_LIST, SearchField.SEARCH_TYPE.FULL));
+        searchFields.add(new SearchField("excludeUser", "exlUser", SearchField.DATA_TYPE.STR_LIST, SearchField.SEARCH_TYPE.FULL));
+        searchFields.add(new SearchField("requestData", "reqData", SearchField.DATA_TYPE.STRING, SearchField.SEARCH_TYPE.PARTIAL));
+        searchFields.add(new SearchField("resourcePath", "resource", SearchField.DATA_TYPE.STRING, SearchField.SEARCH_TYPE.PARTIAL));
+        searchFields.add(new SearchField("clientIP", "cliIP", SearchField.DATA_TYPE.STRING, SearchField.SEARCH_TYPE.FULL));
+
+        searchFields.add(new SearchField("auditType", "logType", SearchField.DATA_TYPE.INTEGER, SearchField.SEARCH_TYPE.FULL));
+        searchFields.add(new SearchField("accessResult", "result", SearchField.DATA_TYPE.INTEGER, SearchField.SEARCH_TYPE.FULL));
         // searchFields.add(new SearchField("assetId", "obj.assetId",
         // SearchField.DATA_TYPE.INTEGER, SearchField.SEARCH_TYPE.FULL));
-        searchFields.add(new SearchField("policyId", "policy",
-                SearchField.DATA_TYPE.INTEGER, SearchField.SEARCH_TYPE.FULL));
-        searchFields.add(new SearchField("repoType", "repoType",
-                SearchField.DATA_TYPE.INTEGER, SearchField.SEARCH_TYPE.FULL));
+        searchFields.add(new SearchField("policyId", "policy", SearchField.DATA_TYPE.INTEGER, SearchField.SEARCH_TYPE.FULL));
+        searchFields.add(new SearchField("repoType", "repoType", SearchField.DATA_TYPE.INTEGER, SearchField.SEARCH_TYPE.FULL));
         /* Note; search fields starting with '-' denotes exclude conditions,
          * it should be handled manually if audit destination does not support the same.
          * solr support this way while cloudwatch does not.
          */
-        searchFields.add(new SearchField("-repoType", "-repoType",
-                SearchField.DATA_TYPE.INTEGER, SearchField.SEARCH_TYPE.FULL));
-        searchFields.add(new SearchField("-requestUser", "-reqUser",
-                SearchField.DATA_TYPE.STRING, SearchField.SEARCH_TYPE.FULL));
-        searchFields.add(new SearchField("resourceType", "resType",
-                SearchField.DATA_TYPE.STRING, SearchField.SEARCH_TYPE.FULL));
-        searchFields.add(new SearchField("reason", "reason",
-                SearchField.DATA_TYPE.STRING, SearchField.SEARCH_TYPE.FULL));
-        searchFields.add(new SearchField("action", "action",
-                SearchField.DATA_TYPE.STRING, SearchField.SEARCH_TYPE.FULL));
-
-        searchFields.add(new SearchField("startDate", "evtTime",
-                SearchField.DATA_TYPE.DATE, SearchField.SEARCH_TYPE.GREATER_EQUAL_THAN));
-        searchFields.add(new SearchField("endDate", "evtTime", SearchField.DATA_TYPE.DATE,
-                SearchField.SEARCH_TYPE.LESS_EQUAL_THAN));
+        searchFields.add(new SearchField("-repoType", "-repoType", SearchField.DATA_TYPE.INTEGER, SearchField.SEARCH_TYPE.FULL));
+        searchFields.add(new SearchField("-requestUser", "-reqUser", SearchField.DATA_TYPE.STRING, SearchField.SEARCH_TYPE.FULL));
+        searchFields.add(new SearchField("resourceType", "resType", SearchField.DATA_TYPE.STRING, SearchField.SEARCH_TYPE.FULL));
+        searchFields.add(new SearchField("reason", "reason", SearchField.DATA_TYPE.STRING, SearchField.SEARCH_TYPE.FULL));
+        searchFields.add(new SearchField("action", "action", SearchField.DATA_TYPE.STRING, SearchField.SEARCH_TYPE.FULL));
+
+        searchFields.add(new SearchField("startDate", "evtTime", SearchField.DATA_TYPE.DATE, SearchField.SEARCH_TYPE.GREATER_EQUAL_THAN));
+        searchFields.add(new SearchField("endDate", "evtTime", SearchField.DATA_TYPE.DATE, SearchField.SEARCH_TYPE.LESS_EQUAL_THAN));
 
         searchFields.add(new SearchField("tags", "tags", SearchField.DATA_TYPE.STRING, SearchField.SEARCH_TYPE.PARTIAL));
-        searchFields.add(new SearchField("cluster", "cluster",
-                SearchField.DATA_TYPE.STRING, SearchField.SEARCH_TYPE.FULL));
-        searchFields.add(new SearchField("zoneName", "zoneName",
-                SearchField.DATA_TYPE.STR_LIST, SearchField.SEARCH_TYPE.FULL));
-        searchFields.add(new SearchField("agentHost", "agentHost",
-                SearchField.DATA_TYPE.STRING, SearchField.SEARCH_TYPE.PARTIAL));
-
-        sortFields.add(new SortField("eventTime", "evtTime", true,
-                SortField.SORT_ORDER.DESC));
+        searchFields.add(new SearchField("cluster", "cluster", SearchField.DATA_TYPE.STRING, SearchField.SEARCH_TYPE.FULL));
+        searchFields.add(new SearchField("zoneName", "zoneName", SearchField.DATA_TYPE.STR_LIST, SearchField.SEARCH_TYPE.FULL));
+        searchFields.add(new SearchField("agentHost", "agentHost", SearchField.DATA_TYPE.STRING, SearchField.SEARCH_TYPE.PARTIAL));
+
+        sortFields.add(new SortField("eventTime", "evtTime", true, SortField.SORT_ORDER.DESC));
         sortFields.add(new SortField("policyId", "policy", false, SORT_ORDER.ASC));
         sortFields.add(new SortField("requestUser", "reqUser", false, SORT_ORDER.ASC));
         sortFields.add(new SortField("resourceType", "resType", false, SORT_ORDER.ASC));
@@ -120,13 +97,16 @@ public AccessAuditsService() {
     protected void updateUserExclusion(Map<String, Object> paramList) {
         String val = (String) paramList.get("excludeServiceUser");
 
-        if (val != null && Boolean.valueOf(val.trim())) {
+        if (val != null && Boolean.parseBoolean(val.trim())) {
             // add param to negate requestUsers which will be added as filter query
             List<String> excludeUsersList = getExcludeUsersList();
+
             if (CollectionUtils.isNotEmpty(excludeUsersList)) {
                 Object oldUserExclusions = paramList.get("-requestUser");
-                if (oldUserExclusions instanceof Collection && (!((Collection<?>)oldUserExclusions).isEmpty())) {
-                    excludeUsersList.addAll((Collection<String>)oldUserExclusions);
+
+                if (oldUserExclusions instanceof Collection && (!((Collection<?>) oldUserExclusions).isEmpty())) {
+                    excludeUsersList.addAll((Collection<String>) oldUserExclusions);
+
                     paramList.put("-requestUser", excludeUsersList);
                 } else {
                     paramList.put("-requestUser", excludeUsersList);
@@ -137,32 +117,38 @@ protected void updateUserExclusion(Map<String, Object> paramList) {
 
     private List<String> getExcludeUsersList() {
         //for excluding serviceUsers using existing property in ranger-admin-site
-        List<String> excludeUsersList = new ArrayList<String>(getServiceUserList());
+        List<String> excludeUsersList = new ArrayList<>(getServiceUserList());
 
         //for excluding additional users using new property in ranger-admin-site
-        String additionalExcludeUsers = PropertiesUtil.getProperty("ranger.accesslogs.exclude.users.list");
-        List<String> additionalExcludeUsersList = null;
+        String       additionalExcludeUsers     = PropertiesUtil.getProperty("ranger.accesslogs.exclude.users.list");
+        List<String> additionalExcludeUsersList;
+
         if (StringUtils.isNotBlank(additionalExcludeUsers)) {
             additionalExcludeUsersList = new ArrayList<>(Arrays.asList(StringUtils.split(additionalExcludeUsers, ",")));
+
             for (String serviceUser : additionalExcludeUsersList) {
                 if (StringUtils.isNotBlank(serviceUser) && !excludeUsersList.contains(serviceUser.trim())) {
                     excludeUsersList.add(serviceUser);
                 }
             }
         }
+
         return excludeUsersList;
     }
 
     private List<String> getServiceUserList() {
-        String components = EmbeddedServiceDefsUtil.DEFAULT_BOOTSTRAP_SERVICEDEF_LIST;
-        List<String> serviceUsersList = new ArrayList<String>();
-        List<String> componentNames =  Arrays.asList(StringUtils.split(components,","));
-        for(String componentName : componentNames) {
-            String serviceUser = PropertiesUtil.getProperty("ranger.plugins."+componentName+".serviceuser");
-            if(StringUtils.isNotBlank(serviceUser)) {
+        String       components       = EmbeddedServiceDefsUtil.DEFAULT_BOOTSTRAP_SERVICEDEF_LIST;
+        List<String> serviceUsersList = new ArrayList<>();
+        String[]     componentNames   = StringUtils.split(components, ",");
+
+        for (String componentName : componentNames) {
+            String serviceUser = PropertiesUtil.getProperty("ranger.plugins." + componentName + ".serviceuser");
+
+            if (StringUtils.isNotBlank(serviceUser)) {
                 serviceUsersList.add(serviceUser);
             }
         }
+
         return serviceUsersList;
     }
 }
diff --git a/security-admin/src/main/java/org/apache/ranger/json/Folder.java b/security-admin/src/main/java/org/apache/ranger/json/Folder.java
@@ -17,27 +17,27 @@
  * under the License.
  */
 
- package org.apache.ranger.json;
+package org.apache.ranger.json;
 
 import java.util.List;
 
 public class Folder {
+    String       name;
+    List<Folder> folders;
 
-	String name;
-	List<Folder> folders;
-
-
-	public String getName() {
-		return name;
-	}
-	public void setName(String name) {
-		this.name = name;
-	}
-	public List<Folder> getFolders() {
-		return folders;
-	}
-	public void setFolders(List<Folder> folders) {
-		this.folders = folders;
-	}
-
+    public String getName() {
+        return name;
+    }
+
+    public void setName(String name) {
+        this.name = name;
+    }
+
+    public List<Folder> getFolders() {
+        return folders;
+    }
+
+    public void setFolders(List<Folder> folders) {
+        this.folders = folders;
+    }
 }
diff --git a/security-admin/src/main/java/org/apache/ranger/json/JsonDateSerializer.java b/security-admin/src/main/java/org/apache/ranger/json/JsonDateSerializer.java
@@ -17,34 +17,29 @@
  * under the License.
  */
 
- package org.apache.ranger.json;
-
-import java.io.IOException;
-import java.text.SimpleDateFormat;
-import java.util.Date;
+package org.apache.ranger.json;
 
 import com.fasterxml.jackson.core.JsonGenerator;
-import com.fasterxml.jackson.core.JsonProcessingException;
 import com.fasterxml.jackson.databind.JsonSerializer;
 import com.fasterxml.jackson.databind.SerializerProvider;
 import org.springframework.stereotype.Component;
 
+import java.io.IOException;
+import java.text.SimpleDateFormat;
+import java.util.Date;
+
 /**
  * Used to serialize Java.util.Date, which is not a common JSON type, so we have
  * to create a custom serialize method;.
- *
  */
 @Component
 public class JsonDateSerializer extends JsonSerializer<Date> {
+    private static final String DATE_FORMAT = "yyyy-MM-dd'T'HH:mm:ss'Z'";
 
-	private static final String DATE_FORMAT = "yyyy-MM-dd'T'HH:mm:ss'Z'";
-	@Override
-	public void serialize(Date date, JsonGenerator gen,
-			SerializerProvider provider) throws IOException,
-			JsonProcessingException {
-
-		String formattedDate = new SimpleDateFormat(DATE_FORMAT).format(date);
-		gen.writeString(formattedDate);
-	}
+    @Override
+    public void serialize(Date date, JsonGenerator gen, SerializerProvider provider) throws IOException {
+        String formattedDate = new SimpleDateFormat(DATE_FORMAT).format(date);
 
+        gen.writeString(formattedDate);
+    }
 }